package abcy.cloud.authenticationserver.config;


import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Value("${token.resourceId}")
    private String resourceId;


    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeRequests()
                .antMatchers("/getToken","/parseToken","/oauth/token","/auth/doLogin","/doLogin",
                        "/js/**","/sys/sysuser/getUserInfoByUserName","/cyblog/doBlogLogout","/blog/user/doBlogRegister",
                        "/editor/**","/static/**","/blog/es/upload",
                        "/blog/es/searchBlog", "/blog/es/searchBlog1","/client/*").permitAll()// "/order/*"资源是开放的
                .and().authorizeRequests()
                .antMatchers(HttpMethod.OPTIONS).permitAll()
//			.antMatchers("/B").hasRole("admin")
//          .antMatchers("/admin").hasRole("sys_admin")
                .anyRequest().authenticated();      //配置order访问控制，必须认证过后才可以访问

    }

    /**
     * 定义资源服务器解析协议表头（需要与认证服务器定义的表头一致）
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(resourceId).stateless(true);
        resources.authenticationEntryPoint(new OauthInterceptor());
    }
}
